RE: Re: Issue 326: Identifiers
From: Salowey, Joe (jsalowey [at] cisco.com)
Date: Tue, 24 Jan 2006 23:59:43 -0800 (PST)
 

> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com] 
> Sent: Sunday, January 22, 2006 9:21 PM
> To: eap [at] frascone.com
> Subject: [eap] Re: Issue 326: Identifiers
> 
> Question: can you supply text for the additional material on "Identifier
> attributes"?

[Joe] How about:

"The EAP method may export additional identity attributes that are associated 
with the authenticated identity.  These attributes may be obtained from 
exchanged credentials such as certificate attributes, from information stored 
in a database entry associated with the identity, or from a trusted third 
party.  This information may be used for authorization purposes in the lower 
layer or the AAA layer."

> 
> How about the following:
> 
> "The combination of the Peer-ID and Server-ID may uniquely specify the
> endpoints of the EAP method exchange when they are provided."
> 

[Joe] Looks OK.

> 
> 
> Issue 326: Identifiers
> Submitter name: Joe Salowey
> Submitter email address: jsalowey [at] cisco.com
> Date Submitted: December 1, 2005
> Reference:
> Document: Keying-08
> Comment type: T
> Priority: 1
> Section: 1
> Rationale/Explanation of issue:
> 
> "  EAP methods also MAY export method-specific peer and server
>    identifiers (peer-ID and server-ID), a method-specific EAP
>    conversation identifier known as the Method-ID, and the lifetime of
>    the exported keys, known as the Key-Lifetime.   EAP methods MAY also
>    support the import and export of Channel Bindings.  New EAP method
>    specifications MUST define the Peer-ID, Server-ID and Method-ID. The
>    combination of the Peer-ID and Server-ID uniquely specifies the
>    endpoints of the EAP method exchange."
> 
> It seems that additional data associated with the identity should be
> exported to satisfy section 1.3.  Suggestion is to add this and call
> them identity attributes.
> 
> In this paragraph it states that the "Peer-ID and Server-ID uniquely
> specifies the endpoints of the EAP method exchange", however further down
> it states that these quantities may be null.  This is contradictory.
> Suggested modification to above text:
> 
> "The combination of the Peer-ID and Server-ID may uniquely specify the
> endpoints of the EAP method exchange if the method supports unique IDs."
> 
> 

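The point under discussion, that a lower layer or AAA layer can only key state on the Peer-ID/Server-ID pair when the method actually exports both, is easier to see in code. The following is an added illustration, not text from the thread or from the Keying draft; the `MethodExport` model, the `KeyCache` that indexes exported keys by (Peer-ID, Server-ID, Method-ID) and expires them by Key-Lifetime, and the attribute-based `authorize` check are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class MethodExport:
    """Illustrative model of what an EAP method exports to the lower/AAA layer.
    Peer-ID and Server-ID are Optional because the draft allows them to be null."""
    peer_id: Optional[str]
    server_id: Optional[str]
    method_id: str
    key_lifetime: int                       # seconds, the exported Key-Lifetime
    identity_attributes: Dict[str, str] = field(default_factory=dict)


def endpoint_binding(export: MethodExport) -> Optional[Tuple[str, str]]:
    """Return (Peer-ID, Server-ID) only when both are present.
    A null ID means the method has NOT uniquely specified the endpoints,
    so the caller must not treat the pair as an endpoint binding."""
    if not export.peer_id or not export.server_id:
        return None
    return (export.peer_id, export.server_id)


class KeyCache:
    """Hypothetical lower-layer cache of exported keys, indexed by endpoint pair
    and Method-ID, with entries expiring at install time + Key-Lifetime."""

    def __init__(self, now: Callable[[], int]) -> None:
        self._now = now
        self._entries: Dict[Tuple[str, str, str], Tuple[bytes, int]] = {}

    def install(self, export: MethodExport, key: bytes) -> bool:
        binding = endpoint_binding(export)
        if binding is None:
            # Endpoints not uniquely specified: refuse rather than index on a null ID.
            return False
        peer, server = binding
        expiry = self._now() + export.key_lifetime
        self._entries[(peer, server, export.method_id)] = (key, expiry)
        return True

    def lookup(self, peer: str, server: str, method_id: str) -> Optional[bytes]:
        entry = self._entries.get((peer, server, method_id))
        if entry is None:
            return None
        key, expiry = entry
        if self._now() >= expiry:
            del self._entries[(peer, server, method_id)]   # Key-Lifetime elapsed
            return None
        return key


def authorize(export: MethodExport, policy: Dict[str, str]) -> bool:
    """Lower-layer authorization decision driven by the identity attributes the
    method exported (e.g. values taken from certificate attributes)."""
    return all(export.identity_attributes.get(k) == v for k, v in policy.items())


if __name__ == "__main__":
    clock = {"t": 0}
    cache = KeyCache(now=lambda: clock["t"])
    # Constructed sample exports; names and attribute values are made up.
    full = MethodExport("peer@example.net", "srv.example.net", "method-1",
                        key_lifetime=3600, identity_attributes={"role": "staff"})
    anon = MethodExport(None, "srv.example.net", "method-2", key_lifetime=3600)
    print(cache.install(full, b"k1"))        # True: both IDs exported
    print(cache.install(anon, b"k2"))        # False: Peer-ID is null
    print(authorize(full, {"role": "staff"}))
```

The usage block at the bottom shows the two cases the thread contrasts: an export with both identifiers, which can be bound and cached, and one with a null Peer-ID, which the cache declines because the endpoint pair does not uniquely specify the exchange.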